Terraform-provider-aws: Cognito user pool email sending account

Created on 25 Apr 2019  ·  9 Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

aws_cognito_user_pool email configuration does not currently appear to support adding an email sending account; we currently have to do this via the aws cli / console.

New or Affected Resource(s)

  • aws_cognito_user_pool

Potential Terraform Configuration

resource "aws_cognito_user_pool" "pool" {
  name = "mypool"

  email_configuration {
    reply_to_email_address = "${var.reply_to}"
    source_arn             = "${var.source_arn}"
    email_sending_account  = "DEVELOPER"
  }
}

References

https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/update-user-pool.html

{
  "SourceArn": "string",
  "ReplyToEmailAddress": "string",
  "EmailSendingAccount": "COGNITO_DEFAULT"|"DEVELOPER"
}

All 9 comments

I have a similar issue as well. I use Terraform 0.11.13 and AWS provider 2.7.0. The resource is as follows:

resource "aws_cognito_user_pool" "userpool" {
  depends_on = [
    "aws_iam_role_policy_attachment.cognito_userpool_policy_attach",
  ]

  name = "${var.environment}-userpool"

  auto_verified_attributes = ["email"]
  username_attributes      = ["email"]
  mfa_configuration        = "${lookup(var.cognito_settings, "mfa_configuration")}"

  sms_configuration {
    external_id    = "${lookup(var.cognito_settings, "sms_external_id")}"
    sns_caller_arn = "${aws_iam_role.cognito_sms.arn}"
  }

  admin_create_user_config {
    allow_admin_create_user_only = false
    unused_account_validity_days = 7
  }

  # Change FROM email id in the verification email to [email protected]
  email_configuration {
    # arn:aws:ses:us-west-2:xxx867187697:identity/[email protected]
    source_arn = "arn:aws:ses:${lookup(var.cognito_settings, "ses_email_az")}:${data.aws_caller_identity.current.account_id}:identity/${lookup(var.cognito_settings, "ses_email_addr")}"
  }

  password_policy {
    minimum_length    = "${lookup(var.cognito_settings, "password_minimum_length")}"
    require_lowercase = "${lookup(var.cognito_settings, "password_require_lowercase")}"
    require_numbers   = "${lookup(var.cognito_settings, "password_require_numbers")}"
    require_uppercase = "${lookup(var.cognito_settings, "password_require_uppercase")}"
  }

  lambda_config {
    post_confirmation = "${module.user_post_confirmation_hook_lambda.arn}"
    custom_message    = "${module.cognito_custom_email_hook_lambda.arn}"
  }

  schema {
    name                = "email"
    attribute_data_type = "String"
    mutable             = false
    required            = true

    string_attribute_constraints {
      min_length = 5
      max_length = 2048
    }
  }

  schema {
    name                     = "use_case"
    developer_only_attribute = false
    attribute_data_type      = "String"
    mutable                  = true
    required                 = false

    string_attribute_constraints {
      min_length = 0
      max_length = 2048
    }
  }

  schema {
    name                     = "scale"
    developer_only_attribute = false
    attribute_data_type      = "String"
    mutable                  = true
    required                 = false

    string_attribute_constraints {
      min_length = 0
      max_length = 2048
    }
  }

  schema {
    name                     = "state"
    developer_only_attribute = false
    attribute_data_type      = "String"
    mutable                  = true
    required                 = false

    string_attribute_constraints {
      min_length = 0
      max_length = 2048
    }
  }

  tags = {
    Name        = "${var.environment}-userpool"
    Environment = "${var.environment}"
    Origin      = "terraform"
  }
  lifecycle {
    ignore_changes = ["schema"]
  }
}

I am having a similar issue as described above. When in a console I change send email option from "Use Cognito" to "Amazon SES" I don't see any changes being detected in terraform. There is nothing in the TF documentation that would explain how to switch between the two.

What I have done as a workaround is use a null resource with a local-exec to shell to the CLI, and run the aws cli cognito-idp update-user-pool command.

Hi @andrewmichael
I am in a similar dilemma with setting this feature with Terraform.
Will you be kind enough to share the example of your command that you have used to set the "Yes - User Amazon SES" radio button with CLI?
Thanks

This seems to be a new switch AWS have added in and annoyingly it defaults to using Cognito rather than SES, so having updated something unrelated in my Terraform Cognito config this has reverted back to Cognito emailing.

You used to only have to specify the reply_to_email_address and source_arn.
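
A check for the drift described in the comment above, where a pool falls back to Cognito's default sender after an unrelated change (an added example, not part of the original thread or of the provider's code). It reads JSON in the shape returned by `aws cognito-idp describe-user-pool`; the pool IDs, the SES ARN and the function names `check_pool` and `audit` are constructed for illustration, and treating a missing `EmailSendingAccount` as `COGNITO_DEFAULT` is an assumption.

```python
import json

# Constructed value: the SES identity the pools are expected to send from.
EXPECTED_ARN = "arn:aws:ses:us-west-2:111122223333:identity/noreply@example.com"

# Constructed samples shaped like `aws cognito-idp describe-user-pool` output.
SAMPLES = json.loads("""
[
  {"UserPool": {"Id": "us-west-2_EXAMPLE01", "EmailConfiguration": {
      "SourceArn": "arn:aws:ses:us-west-2:111122223333:identity/noreply@example.com",
      "EmailSendingAccount": "DEVELOPER"}}},
  {"UserPool": {"Id": "us-west-2_EXAMPLE02", "EmailConfiguration": {
      "SourceArn": "arn:aws:ses:us-west-2:111122223333:identity/noreply@example.com",
      "EmailSendingAccount": "COGNITO_DEFAULT"}}},
  {"UserPool": {"Id": "us-west-2_EXAMPLE03"}}
]
""")


def check_pool(described, expected_arn):
    """Return a list of findings for one describe-user-pool document."""
    cfg = described["UserPool"].get("EmailConfiguration") or {}
    # Assumption: a missing EmailSendingAccount is treated as COGNITO_DEFAULT.
    account = cfg.get("EmailSendingAccount", "COGNITO_DEFAULT")
    findings = []
    if account != "DEVELOPER":
        findings.append("EmailSendingAccount=%s (expected DEVELOPER)" % account)
    if cfg.get("SourceArn") != expected_arn:
        findings.append("SourceArn=%r (expected %r)" % (cfg.get("SourceArn"), expected_arn))
    return findings


def audit(pools, expected_arn):
    """Map pool id -> findings, keeping only the pools that drifted."""
    report = {}
    for described in pools:
        findings = check_pool(described, expected_arn)
        if findings:
            report[described["UserPool"]["Id"]] = findings
    return report


if __name__ == "__main__":
    for pool_id, findings in audit(SAMPLES, EXPECTED_ARN).items():
        for finding in findings:
            print(pool_id, finding)
```

The second sample is the case from the comment: `SourceArn` is still set, but the sending account has reverted to `COGNITO_DEFAULT`.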

@s16tom, we don’t use a reply-to email. So are you saying that if we specify the parameter it will work?

Hey @zentavr and others,

I just put up a PR to address this issue. Let's hope it's going to work out :)

The PR #8626 for adding the email_sending_account argument to the aws_cognito_user_pool resource has been merged and will be released with version 2.15.0 of the Terraform AWS provider.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
